IETF Logo Mail Archive

Re: comment on draft-fang-l3vpn-virtual-pe-framework-01

Robert Raszuk <robert@raszuk.net> Wed, 31 October 2012 22:19 UTC

Return-Path: <rraszuk@gmail.com>
X-Original-To: l3vpn@ietfa.amsl.com
Delivered-To: l3vpn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 285C121F881F for <l3vpn@ietfa.amsl.com>; Wed, 31 Oct 2012 15:19:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.577
X-Spam-Level:
X-Spam-Status: No, score=-2.577 tagged_above=-999 required=5 tests=[AWL=-0.200, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, J_CHICKENPOX_13=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fYHs+xH8eAkS for <l3vpn@ietfa.amsl.com>; Wed, 31 Oct 2012 15:19:46 -0700 (PDT)
Received: from mail-ie0-f172.google.com (mail-ie0-f172.google.com [209.85.223.172]) by ietfa.amsl.com (Postfix) with ESMTP id 43A9721F8771 for <l3vpn@ietf.org>; Wed, 31 Oct 2012 15:19:46 -0700 (PDT)
Received: by mail-ie0-f172.google.com with SMTP id 9so3207299iec.31 for <l3vpn@ietf.org>; Wed, 31 Oct 2012 15:19:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=UWzd7plplEh6ZjMzBzO7UZu7hYWVV2K+m7qnbCcl9q8=; b=O8uKeBXyicqOo4p0R27KNgPhKGbQetc8YWWBKSWPPhlwM6DyYALiid1cxf8IT7xFWy ys9aNuYoA2+ErToRbmqN96RZREhoZ7Hzu6eFLPOPq5xo0kTLHGvW4jMnw4Eqv9boDpn8 o2LnIXHXh4+0Zz8MlR77u15Q6Sql0lu8qf5DsWWZttcwdLPwu3fPaSVXnl3FCwbvwK4g jeHUWzA5yaSxTgAqlr0Z/LAHuaGxRavkxWihgH3rmrKlzg4pQbCVO8mi1BYfG5ZHNqsu nzM/f6hJBQjT35qjdQGREqIi+o/WwaRR+5eJOxzytJLysxxzJX2VB6XAwpolL6W6wnSS 9Bkw==
MIME-Version: 1.0
Received: by 10.50.217.169 with SMTP id oz9mr3203330igc.15.1351721985886; Wed, 31 Oct 2012 15:19:45 -0700 (PDT)
Sender: rraszuk@gmail.com
Received: by 10.42.68.133 with HTTP; Wed, 31 Oct 2012 15:19:45 -0700 (PDT)
In-Reply-To: <2691CE0099834E4A9C5044EEC662BB9D4482B744@dfweml505-mbx>
References: <2691CE0099834E4A9C5044EEC662BB9D4482B57E@dfweml505-mbx> <21624.1351716281@erosen-linux> <2691CE0099834E4A9C5044EEC662BB9D4482B705@dfweml505-mbx> <CA+b+ERkjBw_iBCwOuRt2sRiup8QMNqM0F7-BP_tB+zyoNKLYsA@mail.gmail.com> <2691CE0099834E4A9C5044EEC662BB9D4482B744@dfweml505-mbx>
Date: Wed, 31 Oct 2012 23:19:45 +0100
X-Google-Sender-Auth: WacEf-zardgjWehLI5f70a20zLI
Message-ID: <CA+b+ERkF28zUz8wPg9wyHcqPuCktkvmR=MNuwyJcHW0ESjG-nw@mail.gmail.com>
Subject: Re: comment on draft-fang-l3vpn-virtual-pe-framework-01
From: Robert Raszuk <robert@raszuk.net>
To: Lucy yong <lucy.yong@huawei.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: "rex@cisco.com" <rex@cisco.com>, "nabil.bitar@verizon.com" <nabil.bitar@verizon.com>, "erosen@cisco.com" <erosen@cisco.com>, "l3vpn@ietf.org" <l3vpn@ietf.org>, "wardd@cisco.com" <wardd@cisco.com>
X-BeenThere: l3vpn@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <l3vpn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/l3vpn>, <mailto:l3vpn-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/l3vpn>
List-Post: <mailto:l3vpn@ietf.org>
List-Help: <mailto:l3vpn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l3vpn>, <mailto:l3vpn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Oct 2012 22:19:47 -0000

Section 9.  Carriers' Carriers

Best,
R.

On Wed, Oct 31, 2012 at 11:17 PM, Lucy yong <lucy.yong@huawei.com> wrote:
> Another silly question, What does CSC stand for?
> Lucy
>
>> -----Original Message-----
>> From: rraszuk@gmail.com [mailto:rraszuk@gmail.com] On Behalf Of Robert
>> Raszuk
>> Sent: Wednesday, October 31, 2012 5:07 PM
>> To: Lucy yong
>> Cc: erosen@cisco.com; nabil.bitar@verizon.com; l3vpn@ietf.org;
>> rex@cisco.com; wardd@cisco.com
>> Subject: Re: comment on draft-fang-l3vpn-virtual-pe-framework-01
>>
>> Hi Lucy,
>>
>> To your below question the answer is yes. This is a flavor of CSC
>> which standard 4364 supports just fine.
>>
>> Best regards,
>> R.
>>
>> > For another scenario is that, if a WAN VPN is used to interconnect DC
>> provider underlying networks at different sites, i.e. PE-CE case, DC
>> provider should be able to build a L3VPN among vPEs at DC sites
>> directly, in which it seems necessary to have a tunnel between a pair
>> of vPEs. This makes that DC GW and WAN VPN are not aware of DC L3VPN
>> existence, which creates a true virtual environment. vPE host address
>> /32 is required to advertised from one CE to another CE, will RFC4364
>> support this?
>>
>>
>>
>>
>>
>> On Wed, Oct 31, 2012 at 10:59 PM, Lucy yong <lucy.yong@huawei.com>
>> wrote:
>> > Hi, Eric, Robert, and Ali,
>> >
>> > Thank you very much for the explanations. They are very helpful.
>> >
>> > You are right. The label switch path in the text means the VPN label.
>> Individual labels are used over each segment and swapped at ASBR in
>> option B. This is not related to underlying tunnel mechanism at all.
>> ASBR1 is the next hop for the PE1, a tunnel is terminated at ASBR.
>> Option A, B, C are about VPN interworking (or say virtual overlay
>> network).
>> >
>> > For another scenario is that, if a WAN VPN is used to interconnect DC
>> provider underlying networks at different sites, i.e. PE-CE case, DC
>> provider should be able to build a L3VPN among vPEs at DC sites
>> directly, in which it seems necessary to have a tunnel between a pair
>> of vPEs. This makes that DC GW and WAN VPN are not aware of DC L3VPN
>> existence, which creates a true virtual environment. vPE host address
>> /32 is required to advertised from one CE to another CE, will RFC4364
>> support this?
>> >
>> > Regards,
>> > Lucy
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >> -----Original Message-----
>> >> From: Eric Rosen [mailto:erosen@cisco.com]
>> >> Sent: Wednesday, October 31, 2012 3:45 PM
>> >> To: Lucy yong
>> >> Cc: Robert Raszuk; nabil.bitar@verizon.com; l3vpn@ietf.org;
>> >> rex@cisco.com; wardd@cisco.com
>> >> Subject: Re: comment on draft-fang-l3vpn-virtual-pe-framework-01
>> >>
>> >> I think there's a misunderstanding of the sentence from RFC4364:
>> "This
>> >> procedure requires that there be a label switched path leading from
>> a
>> >> packet's ingress PE to its egress PE."
>> >>
>> >> If a VPN packet is traveling the following path:
>> >>
>> >>     PE1--->P1--->ASBR1--->ASBR2--->P2--->PE2
>> >>
>> >> where the ASBRs are supporting option B, then there is necessarily
>> an
>> >> LSP
>> >> consisting of the following sequence of routers:
>> <PE1,ASBR1,ASBR2,PE2>.
>> >> What makes this sequence of routers an LSP is that they all operate
>> on
>> >> the
>> >> "VPN label".  (See section 3.15 of RFC 3031 for the precise
>> definition
>> >> of
>> >> "Label Switched Path".  Note that "LSP" is defined relative to the
>> >> position
>> >> of a particular label in the stack of a particular packet.)  PE1
>> pushes
>> >> on
>> >> the label, ASBR1 swaps it with a label assigned by ASBR2, ASBR2
>> swaps
>> >> it
>> >> with a label assigned by PE2, PE2 pops it.  We could call this the
>> "VPN
>> >> LSP", because it follows the path of distribution of a VPN-IP route.
>> >>
>> >> The cited text is intended to distinguish option B from option A; in
>> >> option
>> >> A, the sequence <PE1,ASBR1,ASBR2,PE2> is not an LSP, because ASBR2
>> does
>> >> not
>> >> distribute labels to ASBR1.
>> >>
>> >> > which requires two SPs pre-provisioning process that may not apply
>> to
>> >> > here.
>> >>
>> >> The LSP exists by virtue of the distribution of the labeled VPN-IP
>> >> routes.
>> >>
>> >> Note that, although <PE1, ASBR1, ASBR2, PE2> is an LSP according to
>> the
>> >> definition in RFC 3031, each router in the sequence only has to know
>> >> which
>> >> router is next in the sequence; the ingress router does not need to
>> >> know how
>> >> to reach to the egress router.  Also, there is no requirement that
>> an
>> >> LSP is
>> >> used to carry packets from PE1 to ASBR1, or from ASBR2 to PE2.
>> Either
>> >> or
>> >> both of those "hops" could be via a GRE tunnel, or any other method
>> of
>> >> transport.
>> >>
>> >> It's true that in a typical deployment, there is a "top-level" LSP
>> >> <PE1,P1,ASBR1> and another "top-level" LSP <ASBR2,P2,PE2>. Neither
>> of
>> >> these
>> >> is the VPN LSP; rather, each is used to carry packets from one
>> member
>> >> of the
>> >> VPN LSP to the next member in sequence.  But option B is independent
>> of
>> >> how
>> >> packets get between adjacent members of the VPN LSP.
>> >>
>> >> > WAN may use MPLS LSP tunnel and DC may use IP based tunnel.
>> >>
>> >> That is compatible with RFC4364 option B, because the LSP
>> >> <PE1,ASBR1,ASBR2,PE2> still exists.
>> >>
>> >> > This will be an issue when use IP GRE tunnels.
>> >>
>> >> It's only an issue if you want to have a single GRE tunnel that goes
>> >> from
>> >> PE1 to PE2.  If that is what you want, then you should probably be
>> >> using
>> >> option C.  Option B does not tell the ingress PE who the egress PE
>> is.
>> >> (Well, not unless RFC 6513/6514 is also in use ...)
>> >>
>> >> > Option C request set up two LSP tunnel, one from ingress PE to
>> egress
>> >> PE,
>> >> > second from ingress PE to ASBR to solve the issue in IGP.
>> >>
>> >> In option C, the "VPN LSP" would be <PE1,PE2>.  If one wants to use
>> >> MPLS to
>> >> move the packets from PE1 to PE2, one needs a "top-level" LSP like
>> >> <PE1,P1,ASBR1,ASBR2,P2,PE2>; but this is not the "VPN LSP".  I think
>> >> you
>> >> interpreted the text from RFC 4364 as requiring this top-level LSP
>> for
>> >> option B, but it is only intended to require the VPN LSP
>> >> <PE1,ASBR1,ASBR2,PE2>.
>> >>
>> >> I'm not sure whether this makes things any clearer or not ...

v2.23.0 | Report a Bug | By Email